PHP Object Injection in Sitebuilder Dynamic Components Plugin for WordPress
CVE-2017-18604

7.5HIGH

Key Information:

Vendor

Wordpress
Status
Sitebuilder Dynamic Components
Vendor
CVE Published:
10 September 2019

What is CVE-2017-18604?

The Sitebuilder Dynamic Components plugin for WordPress, up to version 1.0, is susceptible to a PHP object injection vulnerability. This flaw can be exploited through AJAX requests, allowing attackers to manipulate objects and potentially execute arbitrary PHP code. The injection occurs due to insufficient validation of user input, making it essential for website administrators to update their plugins to mitigate risks associated with this vulnerability. Affected users should take immediate action to secure their installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://wpvulndb.com/vulnerabilities/8829
x_refsource_MISC
https://wordpress.org/plugins/sitebuilder-dynamic-compone...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.